| author | Lexi Winter <ivy@FreeBSD.org> | 2025-06-03 11:19:48 +0100 |
|---|---|---|
| committer | Lexi Winter <ivy@FreeBSD.org> | 2025-06-03 11:19:48 +0100 |
| commit | c4aee4f7ad2912e68948c9848d2a6a499e65a4cb (patch) | |
| tree | d5bc83aef9f6cda0064ad1bd45a71073b6b89fc4 /domains.conf.sample | |
| parent | ef5e0748ecb419ffdcc6e99c768bef9109e45973 (diff) | |
| download | lfacme-c4aee4f7ad2912e68948c9848d2a6a499e65a4cb.tar.gz lfacme-c4aee4f7ad2912e68948c9848d2a6a499e65a4cb.tar.bz2 | |
domains.conf: improve docs a little
Diffstat (limited to 'domains.conf.sample')
| -rw-r--r-- | domains.conf.sample | 34 |
1 files changed, 20 insertions, 14 deletions
diff --git a/domains.conf.sample b/domains.conf.sample index 41de581..ec51322 100644 --- a/domains.conf.sample +++ b/domains.conf.sample @@ -7,23 +7,23 @@ # Empty lines and lines beginning with a '#' character are ignored. ## -# Each line specifies one certificate using one or more whitespace-separated -# fields. +# Each line specifies one certificate as a series of whitespace-separated +# fields. The first field is the certificate name, which is used internally +# by lfacme in the certificate filename, but is not part of the certificate +# itself. # -# The first field is the certificate name, which is only used internally by -# lfacme and is not part of the certificate. -# -# The remaining fields are certificate options, which may be either subject alt -# names or options for the certificate. +# The remaining fields are either certificate options or subject alt names for +# the certificate. # # If no subject alt names are provided, then the certificate name is used as -# the common name and subject alt name. +# the common name and subject alt name. Otherwise, the first subject alt name +# is used as the common name. ## # Supported options: # # type=ec Generate a secp384r1 ECDSA private key. -# (This is the default) +# (This is the default.) # # type=rsa Generate a 3072-bit RSA private key. # 
@@ -35,16 +35,22 @@ # challenge=<name> # Use <name> as the challenge handler. If <name> begins # with '/' then it is an absolute path, otherwise it will -# be searched for in /usr/local/share/lfacme/challenge/ +# be searched for in /usr/local/share/lfacme/challenge/, # then /usr/local/etc/lfacme/challenge/. # -# One challenge script is supplied with lfacme, "kerberos", +# The challenge handler is passed to uacme(1), so you can use +# any uacme-compatible handler here. +# +# One challenge handler is supplied with lfacme, "kerberos", # which uses Kerberized nsupdate(1) to respond to dns-01 -# challenges. +# challenges. This is the default handler. +## # A certificate name of "*" can be used to set the default options for any -# following certificates. For example, to use RSA (instead of the default -# ECDSA) for all certificates: +# following certificates. Each "*" line replaces the previous default +# options. You can specify subject alt names here as well. +# +# For example, to use RSA (instead of the default ECDSA) for all certificates: * type=rsa # Issue a cert for example.org using the default options. |
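Review bot: in the first hunk's rewritten opening paragraph, the certificate name is now documented as being used "in the certificate filename", but the text does not say which characters a name may contain. Since the value ends up in a path, suggest documenting the accepted character set, or stating that names containing '/' are rejected if that is what the parser does. The sentence "The remaining fields are either certificate options or subject alt names" also leaves the reader to guess how a field is classified; every option listed has the form key=value, so if that is the rule, say so.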
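Review bot: in the second hunk's "*" paragraph, "You can specify subject alt names here as well" does not say what a default subject alt name does to the certificates that follow: whether it is added to each of them, or used only when a certificate line lists none. Combined with the rule in the first hunk that the first subject alt name becomes the common name, this decides which names end up in every issued certificate, so it deserves one explicit sentence. It would also help to say whether "replaces the previous default options" covers default subject alt names as well as options.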
